In July, an attacker targeted Curve Finance. Coinbase has made around $1 million in profit from this incident; some of the stolen funds have been recovered, but not everyone has been fully paid back.
Importantly, Coinbase has not chosen to return this unexpected profit to the victims of the attack.
When Curve, a financial platform, lost $73 million worth of assets due to theft, it caused a temporary disruption in how they determined the value of their assets.
During this chaotic period, a trading bot noticed a rare chance to make a significant profit through a trading strategy called MEV (Miner Extractable Value).
To ensure this profitable trade went through swiftly, it paid a huge fee of 570 ETH (equivalent to $1.06 million at the time) to a validator on the Ethereum blockchain. This payment was one of the largest ever made in pursuit of MEV opportunities.
Validators run the Ethereum network. According to Alchemix, Coinbase was the validator that received the payment when Alchemix suffered financial losses due to the Curve exploit.
According to blockchain data, the huge fee of 570 ETH served as an incentive to convince the validator to automatically prioritize the bot’s transaction over others trying to make the same trade.
Refund of Stolen Funds by Everyone, Except Coinbase
In a recent cyberattack, a pool containing both Ether (ETH) and a derivative of Ether called alETH, issued by a platform called Alchemix, was targeted.
Before the attack, this pool had 7,259 ETH and 4,822 alETH. However, the attacker took most of these tokens, leaving only 1 ETH and 3,856 alETH in the pool.
Most of the profits from the trade went to the validator, and the trading bot netted 43 ETH from the transactions.
After a public call for help and a strong demand, the person who exploited Curve’s system and took $22 million worth of ETH and alETH decided to return the stolen funds to Alchemix.
Additionally, some ethical hackers, known as white hats, intercepted the hacker’s actions and returned $13 million worth of assets that could have been stolen.
Interestingly, there was a trading bot operator named c0ffeebabe.eth who, even though they weren’t required to do so, returned 2,879 ETH valued at almost $5.5 million to Curve.
Furthermore, the trading bot that made a $1 million profit by exploiting the alETH imbalance gave back its 43 ETH profit after the Alchemix team requested it.
Pseudonymous blockchain sleuth Ogle, founder of Ogle Security Group, specializes in retrieval of assets from cryptocurrency thefts, including the Curve exploit, he said in a Telegram message. “I’ve tried negotiating with them and spoken on the phone, but they won’t return the funds even after admitting it’s stolen.”
An Alchemix contributor said, “They are citing neutrality and decentralization and quoted some slippery slope arguments like saying they can’t be expected to prevent all crime on the blockchain, highways aren’t responsible for people that commit crimes on them, etc.”